INTERNET users in Britain are more likely to fall victim to identity theft than their peers elsewhere in Europe and North America. In a recent survey of 6,000 online shoppers in six countries by PayPal and Ipsos Research, 14% of respondents in Britain said that they have had their identities stolen online, compared with only 3% in Germany.[From Where your identity is more likely to be stolen | Online fraud | The Economist]
There may be a correlation here between “identity theft” and “card-not-present fraud” (Germans rarely use credit cards, least of all on the interweb), but we’ll return to that in a future discussion. Now, these statistics don’t, I think, mean the Brits are more criminally inclined. After all, fraud is an international business.
The criminals stored much of their data on computer servers in Latvia and Ukraine, and purchased blank debit and credit cards from confederates in China, which they imprinted with some of the stolen numbers for use in cash machines, investigators say.[From Global Trail of an Online Crime Ring – NYTimes.com]
It’s more likely that Britain is a soft touch: high card penetration and use, lots of internet shopping and other factors that lead to identity theft on an industrial scale. But where does this tidal wave of fraud actually originate? I read in The Telegraph that the top 10 identity theft hotspots in the UK are all in south east England. There’s an area of white collar fraud between London, Reading and that well-known criminal outpost, Guildford. Odd. In the top 10, only St. Albans falls outside of this theft triangle. Yet the government is going to test ID cards in Manchester… Well, as well all know, ID cards won’t have the slightest impact on identity theft for at least the next decade.
ID cards have been touted as the solution to a number of real problems – terrorism, crime and so on – though none of their supporters can ever explain how having an ID card stops a mugger or suicide bomber. But they began as the answer to a classic fake problem, still routinely cited by ministers, the need to “secure our identities” against “identity theft”.[From The ID card is on its last legs – just let it die with dignity | News]
Now, I wouldn’t call identity theft a “fake problem”. On the contrary, it’s a very real problem. But what is generally meant by identity theft, certainly in the Guildford triangle, is largely to do with payment card fraud (which is rampant in the UK) and account takeover. These are specific problems, not general identity problems. Until retailers demand that you present an ID card when you buy anything, or somehow allow them to read your identity card over the interweb, nothing much will change. Fortunately, someone is thinking this through: the UK ID card scheme may well use chip and PIN technology so that it can be accepted at retail POS. Lots of newspapers reported this, so I’ll choose to point to the report in that august journal of record from my home town, Swindon (or, “Swindon, city of the future”, as have generally called since 4th July 1995):
ID cards could be fitted with chip and pin technology to help combat identity fraud. The head of the Government agency tasked with producing the cards said there were no “technical obstacles” to adding chips to the cards and handing out pin numbers.[From ID cards ‘could use chip and pin’ (From Swindon Advertiser)]
I rather imagined that the cards already had chips on them, but putting that to one side, the idea of making ID cards work in chip and PIN terminals isn’t totally infeasible, although I’m not completely clear as why you would want to do this. I suppose the thinking is that the shops already have the terminals. But if you are asked to put your ID card into a terminal and punch in your PIN, wouldn’t you then get annoyed at having to take it back out again, then put your chip and PIN card in and then punch in another PIN? Why not just link your bank account to your ID card?
I don’t think the “Digital Britain” report, that the media seems oddly interested in (despite this week’s news that UK internet refusniks wouldn’t bother going online even if they were given a free PC and broadband) is going to hold out much hope for solving actual problems like identity theft, although I don’t really see how we’re going to make much progress on e-business, e-government and e-everything else without some sort of identity management infrastructure. I don’t see any discussion of serious issues like this in the context of Digital Britain discussion, only nonsense about how a tenth of our GDP is at risk because of kids using PirateBay.
We need to take identity theft seriously, which means taking identity seriously, which means having some kind of national strategy (not necessarily a national ID card).
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]